2583 matches found
CVE-2025-50030
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Spark Multipurpose spark-multipurpose allows DOM-Based XSS.This issue affects Spark Multipurpose: from n/a through = 1.0.7...
CVE-2025-50037
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows DOM-Based XSS.This issue affects Buying Buddy IDX CRM: from n/a through = 2.3.0...
CVE-2025-50033
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sparklewpthemes Fitness Park fitness-park allows DOM-Based XSS.This issue affects Fitness Park: from n/a through = 1.1.1...
CVE-2025-50037 WordPress Buying Buddy IDX CRM plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buying Buddy Buying Buddy IDX CRM allows DOM-Based XSS. This issue affects Buying Buddy IDX CRM: from n/a through 2.3.0...
CVE-2025-50045
CVE-2025-50045 concerns the WordPress plugin Related Products Manager for WooCommerce (versions up to and including 1.6.2). The issue is a DOM-based XSS caused by improper neutralization of input during web page generation. This vulnerability can enable a malicious actor to inject script via inpu...
CVE-2025-52733
CVE-2025-52733 concerns the WordPress plugin ANON::form embedded secure form (versions
PT-2025-26410 · Unknown · Anon::Form
Name of the Vulnerable Software and Affected Versions: ANON::form embedded secure form versions 1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for DOM-Based XSS in the ANON::form...
PT-2025-26386 · Unknown · Sparkle Themes Fitness Park
Name of the Vulnerable Software and Affected Versions: Sparkle Themes Fitness Park versions n/a through 1.1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attack...
PT-2025-26396 · Woocommerce · Related Products Manager For Woocommerce
Name of the Vulnerable Software and Affected Versions: Related Products Manager for WooCommerce versions 1.6.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means...
CVE-2025-49855
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows DOM-Based XSS.This issue affects Meks Flexible Shortcodes: from n/a through = 1.3.7...
CVE-2025-49878
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through = 2.2.4...
CVE-2025-49882
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...
CVE-2025-49878
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through = 2.2.4...
CVE-2025-49882
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...
CVE-2025-49855
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Meks Meks Flexible Shortcodes meks-flexible-shortcodes allows DOM-Based XSS.This issue affects Meks Flexible Shortcodes: from n/a through = 1.3.7...
CVE-2025-49855
CVE-2025-49855 affects the WordPress plugin Meks Flexible Shortcodes (versions from unknown up to and including 1.3.7). The issue is an DOM-based Cross-Site Scripting (XSS) vulnerability resulting from improper input neutralization during web page generation. Public references confirm the vulnera...
CVE-2025-49878 WordPress WPAdverts plugin <= 2.2.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through = 2.2.4...
CVE-2025-49878 WordPress WPAdverts plugin <= 2.2.4 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Greg Winiarski WPAdverts wpadverts allows DOM-Based XSS.This issue affects WPAdverts: from n/a through = 2.2.4...
CVE-2025-49878
CVE-2025-49878 is a DOM-based XSS in the WPAdverts WordPress plugin, affecting versions up to 2.2.4 due to improper input neutralization during web page generation. Exploitation details are not specified in the provided documents, but Wordfence and Red Hat entries indicate the issue has been patc...
CVE-2025-49882 WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Tauqeer CubeWP cubewp-framework allows DOM-Based XSS.This issue affects CubeWP: from n/a through = 1.1.23...